The Serializability of Concurrent Database Updates*


by 


Christos H. Papadimitriou 
Massachusetts Institute of Technology 


Abstract 


A sequence of interleaved user transactions in a database system may not
be serializable, i.e., equivalent to some sequential execution of the
individual transactions. Using a simple transaction model we show that
recognizing the transaction histories which are serializable is an
NP-complete problem. We therefore introduce several efficiently recognizable
subclasses of the class of serializable histories; most of these
subclasses correspond to serializability principles existing in the
literature and used in practice. We also propose two new principles
which subsume all previously known ones. We give necessary and sufficient
conditions for a class of histories to be the output of an efficient
history scheduler; these conditions imply that there can be no efficient
scheduler that outputs all serializable histories, and also that all
subclasses of serializable histories studied above have an efficient
scheduler. Finally, we show how our results can be extended to far more
general transaction models, to transactions with partly interpreted
functions, and to distributed database systems.
1. INTRODUCTION


In many situations many users may consult and update a common database.
We can think of such independent user transactions as sequences of
atomic database operations, interleaved with computations that are local
to the user, that is, they do not affect or depend on the current state
of the database. It is a function of database management to handle the
update and retrieval requests made by the users in such a way so that the
resulting overall process is in some appropriate sense correct. It is
generally accepted--see, for example, [SLR], [SK], [EGLT], [BPR]--that
the right notion of correctness in this context is that of serializability.
A sequence of atomic user updates/retrievals is called serializable
essentially if its overall effect is as though the users took turns, in
some order, executing each their entire transaction indivisibly. The
simplest example of a non-serializable sequence is a primitive form of a
"race". Imagine two users that increment a counter by first sensing its
value, and later registering an increased one. If both users retrieve
the value of the counter before either of them has updated it, the
resulting execution sequence--or history--is not serializable. This is
because both possible serial executions of these transactions would have
resulted in a larger total increment. Naturally, much subtler examples
exist.

The appeal of serializability as a correctness criterion is quite
easy to justify. Databases are supposed to be faithful models of parts
of the world, and user transactions represent instantaneous changes in
the world. Since such changes are totally ordered by temporal priority,
the only acceptable interleavings of atomic steps of different
transactions are those that are equivalent to some sequential execution of
these transactions. Another way of viewing serializability is as a tool
for ensuring system correctness. If each user transaction is correct--i.e.,
when run by itself, it is guaranteed to map consistent states of the
database to consistent states--and transactions are guaranteed to be
intermingled in a serializable way, then the overall system is also correct.

In this paper we consider transactions that consist of two atomic
actions: a retrieval of the values of a set of database entities--called
the read-set of the transaction--followed by an update of the values of
another set of entities, the write-set. This is exactly the kind of
transactions handled by the system SDD-1 [BGRP], [RG]. However, the
main reason for considering this model here is that it provides a nice
framework for understanding and comparing very different philosophies of
serializability that already exist in the literature--e.g., [BS], [SLR],
[EGLT], [BGRP]. Despite its simplicity, it yields a theory of
serializability that is rich in combinatorial intricacies, and raises
interesting complexity questions. Since our model is the most general
common restriction of the models in the various references cited above,
our negative results apply verbatim to those models. Furthermore, most
of our positive results and characterizations are also easily generalizable
to more general situations, although their proofs--in many cases their
very statements--would be extremely cumbersome. Hence, we view our model
as a convenient language, of the right degree of conceptual complexity,
for developing and communicating our ideas about serializability, rather
than a set of restrictions that enable the proofs of certain theorems.


We formalize our model of transactions in Section 2, where some
preliminary results are also proved.

In Section 3 we prove that the question of whether a given sequence
of read and write operations corresponding to several transactions (called
a history) is serializable is NP-complete [AHU], [Ka]. This implies
that, most probably, there is no efficient algorithm that distinguishes
between serializable and non-serializable histories.

In Section 4, we study some efficiently recognizable subsets of the
set of serializable histories. In other words, we present polynomial-time
"heuristics" that approximate the NP-complete predicate of serializability--
in a manner quite reminiscent of efficient approximations of NP-complete
optimization problems [GJ], [PS]. We show that the two-phase locking
strategy [EGLT] and the protocol P3 of [BGRP] are incommensurate special
cases of two more general classes called Q and DSR--the latter is
related with the model of [SLR]. These two serializability principles
are therefore very general (and applicable) new serialization methods. We
also introduce the class SSR of histories that can be serialized without
reversing the order of temporally non-overlapping transactions; it is not
known whether this class is efficiently recognizable. In Section 5, we
observe that the quite intricate interrelations among these interesting
classes are simplified considerably if some "static" restrictions are
imposed on the read- and write-sets. We point out there that the simple
serializability theory of [SLR] is due to such a restriction of their model.

For all efficiently recognizable classes of histories studied in
Sections 4 and 5 there is also an efficient scheduler; an algorithm, that
is, which takes any history and transforms it to its closest (according
to some appropriate metric) history within the class considered. In
Section 6 we show that this is no accident: a class of histories has
an efficient scheduler if and only if it is efficiently recognizable,
plus a regularity condition, namely that its set of prefixes is also
efficiently recognizable. By this result, the complexity theory developed
in Sections 3 through 5 is practically relevant, because the practical
question of the existence of an efficient scheduler for a given class
of histories is explicitly linked to the complexity properties of the
class. Another implication is the negative result that, unless P = NP,
there is no efficient "serializer" of histories, and hence considering
efficient but more restrictive schedulers--such as the ones discussed
above--is a reasonable alternative. Finally, Section 7 concludes our
treatment of the subject. We discuss there a number of possible
extensions of our results such as to general (multi-step) transactions and
distributed databases.




2. DEFINITIONS-NOTATION


A history is a quadruple $h = (n, \pi, V, S)$, where $n$ is a positive
integer; $\pi$ is a permutation of the set
$\Sigma_n = \{R_1, W_1, R_2, W_2, \ldots, R_n, W_n\}$--that is, a
one-to-one function $\pi: \Sigma_n \to \{1, 2, \ldots, 2n\}$--such that
$\pi(R_i) < \pi(W_i)$ for $i = 1, 2, \ldots, n$ (a permutation $\pi$ is
represented by $\langle \pi^{-1}(1), \pi^{-1}(2), \ldots, \pi^{-1}(2n) \rangle$);
finally, $S$ is a function mapping $\Sigma_n$ to $2^V$, where $V$ is a
finite set of variables. Each pair $(R_i, W_i)$ will be called a
transaction $T_i$. $S(R_i)$ will be called the read set of $T_i$ and
$S(W_i)$ its write set. We shall represent histories in a compact way by
exhibiting $\pi$, with the sets $S(\cdot)$ given in brackets following each
element of $\Sigma_n$. For example, the history
$h = (3, \langle R_1, R_2, W_2, R_3, W_3, W_1 \rangle, \{x, y\}, S)$, where
$S(R_1) = S(R_3) = \{x\}$, $S(R_2) = \emptyset$, $S(W_1) = \{y\}$, and
$S(W_2) = S(W_3) = \{x, y\}$, is represented as

$h = R_1[x] \, R_2 \, W_2[x,y] \, R_3[x] \, W_3[x,y] \, W_1[y]$.

The set of all histories is denoted by $H$.


We can think of each transaction $T_i$ as starting with an instantaneous
reading of the values in the variables in $S(R_i)$, performing a possibly
lengthy local computation and then instantaneously recording the results
in a different set $S(W_i)$ of variables. We do not look into the details
of the exact nature of the local computation. In fact, we view each
transaction $T_i$ as a set of $|S(W_i)|$ uninterpreted $|S(R_i)|$-ary function
symbols $\{f_{ij} : j = 1, \ldots, |S(W_i)|\}$. $\pi$ is the sequence in which
these atomic read and write operations take place. Thus, a history can be
viewed as a special case of a fork-join parallel program schema, in which
the local computations involve a number of local temporary variables
$t_{ij}$ and are executed in parallel with other read-write operations
(see Figure 1).

Figure 1. The history $h = R_1[x] \, R_2 \, W_2[x,y] \, R_3[x] \, W_3[x,y] \, W_1[y]$
viewed as a parallel program schema.

The concatenation of two histories $h_1 = (n, \pi, V, S)$, $h_2 = (m, \rho, V, T)$
is a history $h_1 \circ h_2 = (n+m, \tau, V, P)$, where $P(W_i) = S(W_i)$ if
$i \le n$, and $P(W_i) = T(W_{i-n})$ for $i > n$. Similarly, $P(R_i) = S(R_i)$
if $i \le n$, and $P(R_i) = T(R_{i-n})$ for $i > n$. Also $\tau(W_i) = \pi(W_i)$
if $i \le n$, and $\tau(W_i) = \rho(W_{i-n}) + 2n$ for $i > n$,
$\tau(R_i) = \pi(R_i)$ for $i \le n$, $\tau(R_i) = \rho(R_{i-n}) + 2n$ for
$i > n$. In other words $h_1 \circ h_2$ is a juxtaposition of the two
histories, only with the transactions of $h_2$ renamed. Thus, if


h, = R, [x] Ry [y] Wo ty] RW, [z]W, ty] 


h, = R, [x,y]R, [x]W, {y]W, [z] ’ 
then 


hy oh, = R, [xIR, [y]W, [yIR,W, [2]W, fy]R, [x-yIR, (x]W, [y]W, [2]. 


We say that two histories $h_1 = (n, \pi, V, S)$ and $h_2 = (n, \pi', V, S)$ are
equivalent (written $h_1 \equiv h_2$) if and only if the corresponding
schemata are (strongly) equivalent. In other words, given any set of $|V|$
domains for the variables, any set of initial values for the variables from
the corresponding domains, and, furthermore, any interpretation of the
functions $f_{ij}$, the values of the variables are identical after the
execution of both histories. Notice that our definition of equivalence
requires that the two histories involve the same set of transactions. Thus
$h_1 = R_1[y] \, R_2 \, W_2[x] \, W_1[x]$ is not equivalent to
$h_2 = R_1[y] \, W_1[x]$, despite the fact that their corresponding
schemata are equivalent (essentially because $T_2$ is "dead" in $h_1$). This
is a matter of convenience, and little change to our derivations would be
necessary in order to broaden equivalence in this sense.


To give a syntactic characterization of equivalence, it is necessary
to first introduce some terminology. Let $h = (n, \pi, V, S)$ be a history.
The augmented version of $h$ is the history $\bar{h} = (n+2, \bar{\pi}, V, \bar{S})$,
where $\bar{\pi} = \langle R_{n+1}, W_{n+1}, \pi, R_{n+2}, W_{n+2} \rangle$ and
$\bar{S}(R_i) = S(R_i)$, $\bar{S}(W_i) = S(W_i)$ for $i \le n$, and also
$\bar{S}(R_{n+1}) = \bar{S}(W_{n+2}) = \emptyset$,
$\bar{S}(W_{n+1}) = \bar{S}(R_{n+2}) = V$. In other words, $\bar{h}$ is $h$
preceded by a transaction that initializes all variables without
sensing any, and followed by a transaction that reads the final values of
all the variables, without changing them. Suppose that $x \in S(R_i)$. We
say that $R_i$ reads $x$ from $W_j$ in $h$ if $W_j$ is the latest occurrence
of a write symbol before $R_i$ in $\bar{h}$ such that $x \in S(W_j)$. Notice
that since $\bar{h}$ contains $W_{n+1}$ with $\bar{S}(W_{n+1}) = V$, such a
write symbol always exists. The definition of a live transaction in $h$ is
as follows:

a. $T_{n+2}$ is live in $h$.

b. If for some live transaction $T_j$, $R_j$ reads a variable from $W_i$
in $h$, then $T_i$ is also live in $h$.

c. The only kinds of live transactions in $h$ are defined by (a)
and (b) above.

The following is now a simple syntactic characterization of history
equivalence, essentially a restatement of the characterization of schema
equivalence in terms of Herbrand interpretations, [LPP]:


PROPOSITION 1. Two histories $h_1 = (n, \pi, V, S)$ and $h_2 = (n, \pi', V, S)$
are equivalent if and only if they have the same sets of live transactions,
and a live $R_i$ reads $x$ from $W_j$ in $h_1$ if and only if $R_i$ reads $x$
from $W_j$ in $h_2$. □


One of the implications of Proposition 1 is that equivalence of
histories can be decided efficiently. The sets of live transactions can
be found in $O(n \cdot |V|)$ time by applying the recursive definition given
above, and so can the reads-from relation for transactions. Hence we have:


COROLLARY. Equivalence of histories can be decided in $O(n \cdot |V|)$
time. □


The main theme of this paper is the notion of serializability. A
history $h = (n, \pi, V, S)$ is serial if $\pi(W_i) = \pi(R_i) + 1$ for all
$i = 1, 2, \ldots, n$; in other words, a history is serial if $R_i$
immediately precedes $W_i$ in it for $i = 1, \ldots, n$. A history $h$ is
serializable (notation: $h \in SR$) if and only if there is a serial history
$h_s$ such that $h \equiv h_s$. In the next section we shall present a
syntactic characterization of serializable histories analogous to (and
based on) Proposition 1.
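
An added example, not part of the original paper: a brute-force serializability check built directly on Proposition 1, including the counter "race" from the introduction. The list-of-tuples encoding, the names INIT and FINAL for the two extra transactions of the augmented history, and the three sample histories are assumptions of this sketch; trying all n! serial orders is exponential, in line with the NP-completeness result of the next section.

```python
from itertools import permutations

# A history is a list of steps (kind, i, vars): kind is "R" or "W", i is the
# transaction number, vars is S(R_i) or S(W_i). R_i must precede W_i.
# All three histories below are constructed samples.
RACE = [("R", 1, {"x"}), ("R", 2, {"x"}), ("W", 1, {"x"}), ("W", 2, {"x"})]
DISJOINT = [("R", 1, {"x"}), ("R", 2, {"y"}), ("W", 1, {"x"}), ("W", 2, {"y"})]
BLIND = [("R", 1, {"x"}), ("R", 2, set()), ("W", 2, {"x"}),
         ("W", 1, {"x"}), ("R", 3, set()), ("W", 3, {"x"})]

INIT, FINAL = "init", "final"  # extra transactions of the augmented history


def augment(h):
    """Prepend a transaction writing every variable, append one reading them all."""
    variables = set().union(*(s for _, _, s in h))
    return ([("R", INIT, set()), ("W", INIT, variables)] + list(h)
            + [("R", FINAL, variables), ("W", FINAL, set())])


def reads_from(h):
    """Map (reader, x) -> writer: the latest write of x before the read."""
    last_writer, relation = {}, {}
    for kind, i, variables in augment(h):
        for x in variables:
            if kind == "R":
                relation[(i, x)] = last_writer[x]
            else:
                last_writer[x] = i
    return relation


def live(h):
    """FINAL is live; whoever a live transaction reads from is live too."""
    relation = reads_from(h)
    alive, frontier = {FINAL}, [FINAL]
    while frontier:
        t = frontier.pop()
        for (reader, _x), writer in relation.items():
            if reader == t and writer not in alive:
                alive.add(writer)
                frontier.append(writer)
    return alive


def signature(h):
    """Live set plus the reads-from relation restricted to live readers."""
    alive = live(h)
    return (frozenset(alive),
            frozenset((r, x, w) for (r, x), w in reads_from(h).items()
                      if r in alive))


def equivalent(h1, h2):
    """Proposition 1: same live transactions, same reads-from for live reads."""
    return signature(h1) == signature(h2)


def serial(h, order):
    """Serial history running the transactions of h in the given order."""
    sets = {(kind, i): s for kind, i, s in h}
    return [(kind, i, sets[(kind, i)]) for i in order for kind in ("R", "W")]


def serializations(h):
    """All serial orders equivalent to h (exhaustive search over n! orders)."""
    numbers = sorted({i for _, i, _ in h})
    return [order for order in permutations(numbers)
            if equivalent(h, serial(h, order))]


if __name__ == "__main__":
    for name, h in (("race", RACE), ("disjoint", DISJOINT), ("blind", BLIND)):
        print(name, serializations(h))
```

In the BLIND sample only the last transaction is live, so any serial order that ends with it is equivalent to the interleaved history.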
3. THE COMPLEXITY OF SERIALIZABILITY


In order to examine the complexity of the serializability problem,
we need first to introduce some graph-theoretic terminology.


DEFINITION 1. A polygraph* $P = (N, A, B)$ is a digraph $(N, A)$
together with a set $B$ of bipaths; that is, pairs of arcs--not necessarily
in $A$--of the form $((v,u),(u,w))$ such that $(w,v) \in A$. □


Alternatively, a polygraph $(N,A,B)$ can be viewed as a family $D(N,A,B)$
of digraphs. A digraph $(N,A')$ is in $D(N,A,B)$ if and only if $A \subseteq A'$,
and for each bipath $(a_1, a_2) \in B$, $A'$ contains at least one of $a_1$, $a_2$.
Polygraphs will be represented schematically as in Figure 2a. Arcs in $A$
will be drawn as ordinary arrows, and pairs of arcs in $B$ will be marked
by a circular arc centered on their common node.


DEFINITION 2. A polygraph $(N,A,B)$ is acyclic if there is an
acyclic digraph in $D(N,A,B)$. □


For example, the digraph of Figure 2b is both in $D(N,A,B)$ and
acyclic; it follows that $(N,A,B)$ of Figure 2a is acyclic. Notice that
for a polygraph $(N,A,B)$ to be acyclic, the digraph $(N,A)$ must
definitely be acyclic.

Given any history $h = (n, \pi, V, S)$ we are going to define a polygraph
$P(h) = (N,A,B)$. $N$ is the set of live transactions of $\bar{h}$, the
augmented version of $h$. First, $A$ contains the arcs
$\{(T_{n+1}, v) : v \in N - \{T_{n+1}\}\}$, and also the arcs
$\{(v, T_{n+2}) : v \in N - \{T_{n+2}\}\}$. Secondly, whenever transaction $u$
reads some variable $x$ from $v$ in $h$, we add the arc $(v,u)$ in $A$.
Furthermore, if for a third transaction $w$, $x$ is in the write-set of $w$,
then we add the bipath $((u,w),(w,v))$ in $B$. This concludes the construction
of $P(h)$.

* We insist on this terminology only because it has already become
notorious for its impropriety.

Intuitively, $P(h)$ captures a partial order that can be interpreted
as "happened before", and with which any history that is equivalent to $h$
must be consistent. Each arc $(v,u)$ means that $u$ reads some variable
from $v$ and hence must follow it. Also, a bipath $((u,w),(w,v))$ means that
$w$ writes on the same variable, and hence cannot be in between $v$ and $u$;
it must either precede $v$ or follow $u$. This is stated as a lemma:


LEMMA 1. Two histories $h_1 = (n, \pi, V, S)$ and $h_2 = (n, \pi', V, S)$ are
equivalent if and only if $P(h_1)$ and $P(h_2)$ are identical.


Proof. Both directions follow from Proposition 1 and the definition
of $P(h)$. □


LEMMA 2. A history $h = (n, \pi, V, S)$ without dead transactions is
serializable if and only if $P(h)$ is acyclic.


Proof. If $h$ is serializable, there exists a serial history $h_s$
such that $h \equiv h_s$ or, by Lemma 1, $P(h) = P(h_s)$. However
$P(h_s) = (N,A,B)$ is acyclic. To see this, let $(T_1, \ldots, T_n)$ be ordered
according to their occurrence in $h_s$. We construct a digraph
$(N,A') \in D(P(h_s))$ as follows: $A'$ contains the arcs in $A$, and for each
bipath $((T_i,T_j),(T_j,T_k))$ in $B$ we add to $A'$ the arc $(T_i,T_j)$ if
$i < j$, or $(T_j,T_k)$ if $j < k$. To show that exactly one of these must
occur, recall that in $h_s$ $T_i$ reads a variable $x \in S(W_j)$ from $T_k$
and hence $k < i$, and not $k < j < i$. Consequently the above construction
yields a digraph $(N,A')$ in $D(N,A,B)$. Next, notice that $(N,A')$ is acyclic
since it is a subgraph of the total order
$(T_{n+1}, T_1, \ldots, T_n, T_{n+2})$. So, $P(h)$ is also acyclic.

Now, let $(N,A')$ be an acyclic digraph in $D(P(h))$. The serial
history $h_s$ resulting from topologically sorting $(N,A')$ is then
equivalent to $h$. This follows from Proposition 1 and from the fact that
since one of the two arcs of each bipath in $B$ is in $A'$, all transactions
read all variables from the same transaction in $h$ as they do in $h_s$. □


Unfortunately, the combinatorial characterization of serial
reproducibility shown in Lemma 2 does not directly suggest an efficient test.
In fact, the theorem below is strong evidence that no such test exists.


THEOREM 1. Testing whether a history $h$ is serializable is NP-complete,
even if $h$ has no dead transactions.

In order to proceed with the proof of Theorem 1 we first need another
lemma. It is well known (see [AHU], [Ka]) that the satisfiability problem
of Boolean formulas in conjunctive normal form with two or three literals
in each clause (abbreviated SAT) is NP-complete. We can show that a more
restricted version of this problem is still NP-complete. Call a clause
mixed if it contains both variables and negations of variables, and call a
formula noncircular if at most one of the occurrences of each variable is
in a mixed clause.


LEMMA 3. SAT is NP-complete even if the formulae are restricted
to be noncircular.


Proof. Consider any instance F of SAT and a variable x in it. 
Let m be the number of occurrences of x in the formula F, and let 
Ky Kore eer K, be new variables. We replace x in its first occurrence 


by x6 in its second by x.,, in its third by x,, etc. Finally, we add 


2° 
the clauses (x, Vx,) A (x, VxX,) A (x, Vx5) A (x, VX,)A-.+, which is the 
conjunctive normal form of x, Fx, =x, =x, = eee. Repeating this for all 
variables, we observe that the resulting formula is trivially noncircular, 


and the construction requires only a polynomial amount of time. 9 


Proof of Theorem 1. The set of SR histories is definitely in NP,
since to show that $h$ is SR, one only needs to construct a serial history
$h_s$ (of length not greater than that of $h$), and check by Proposition 1
that $h$ and $h_s$ are equivalent.

We will next show that a known NP-complete problem, the noncircular
SAT problem of Lemma 3 above, reduces to SR-testing in polynomial time.

Given any such formula $F$, we are going to construct a polygraph
$P_F = (N,A,B)$ such that $P_F$ is acyclic if and only if $F$ is satisfiable.
We will then show that $P_F$ can be considered as $P(h)$ for a suitable
history $h$, without dead transactions. In view of Lemma 2, this will
conclude the proof.


We. start from the construction of Po (N,A,B). F has m clauses 


C)> ers Ci and involves n Boolean variables Kypores x: Each clause Cc, 


consists of three literals i 41 ¥ 442% Aq3> where A sic is either a variable 


or a negation of one. N contains the nodes a, 5 b> c, for each variable 


k| 
Xy> and Ys,» 2,2 k= 1,..,m, for each clause C with m, literals. For


), 


i 


each variable x, we add the arc (a,»b ) to A, and the bipath ((b 


J 3 
(c,2a,)) to B. For each clause Cc, » we add the arcs Yar ety? 


44 


(addition mod m,) to A. Finally, if d,, = x,» we add the arcs (ey 2¥4y) 
and (by 244) to A, and the bipath (C2 5p F434.) > yy ods) to B. if Ai,* Xs 


then we add the arcs (254905) and (Yap ) to A, and the bipath (Cay sz4y)> 


j 


(z )) to B. For example, if the literal Ak is X50 the subpoly- 


graph of Figure 3 will appear in Pee 


., Finally, we add to WN the nodes Do», and Ng » together with the. 
arcs (npn), (n,n) and (n,n,) for all n€& N~{npsn,»n¢}s and also the arc 
(n,.n,)- This concludes the construction of Pp In Figure 4a we.illustrate 


the construction for the Boolean formula 


F = (x) Vx,) A (x) VX, V9) A (x, ¥x,)- 


For simplicity, in Figure 4 we have omitted the nodes n. and. Nee 


0) 
We will now argue that PP is acyclic if and only if F is satis- 


fiable. Suppose that. P is acyclic. This means that there is an acyclic 


F 
digraph (N,A') € DP.) - Obviously, for each j, exactly one of the edges 


(bjrc,) and (c is in A‘. Think the fact that (c,1a,) Ea! 


yf) j 
means that x, is assigned the value true. We may immediately note that 


if a literal Gy is given the value false by this assignment, the 


corresponding arc {( ) is also in A‘, since otherwise, a cycle of 


7 ik’ Tix 

= =z - - és i , ‘ e 
the form (ej r¥syrb;) -or (254065085) if Ay x, -would exist in ba ) 
Hence, the only way for (N,A') not to have a cycle of the form 


(Zsa rV ype Zygee er ¥y3) is that at least one literal in each clause is 


assigned the value true, which means that F is satisfiable. 




Conversely, suppose that F is satisfied by some truth assignment 
T. We will construct an acyclic digraph (N,A') € D(P,) - A' contains 
all of A and the arcs (c5/a5) if T(x,;) = true, (b5+c5) if 


T(x.) = falee, and the arcs ( ) if TCA, |) = falee, (Yi, rds) if 


5 Zin Vix 
Ai; and T(x,) = true, and (asrZ iy r 


Obviously, (N,A') is in Dip,); the claim is that it is acyclic. We 


) if Aye; and T(x.) = false. 
first note that since F is by hypothesis noncircular, (N,A) is acyclic. 
This is because by the construction of A, the clauses containing 
variables only or negations only correspond to node sets with only in- 

coming or, respectively, only outgoing arcs; node sets corresponding to 
| mixed clauses have both incoming and outgoing arcs, but no two such node 
sets are reachable from each other in (N,A), by F's noncircularity; it 
follows that (N,A) is indeed acyclic. It is easy to check that the arcs 
in A'-A aa harm the digraph's acyclicity only by introducing a 

(25 Yup rece e¥ gg) cycle; however, this would mean that some clause has 
no true (under 1) literal, and hence T does not satisfy F, a contra- 
diction. In Figure 4 we show in brokenlines the arcs of an acyclic 
digraph in DP): this digraph corresponds to the truth assignment 
T(x, ) = true, T(x,) = false, T(x.) = false which satisfies F. 

In order to conclude the proof we need to construct a history h 

such that P(h) =P. All nodes of Pe correspond to distinct transactions. 
To construct the read and write sets of the transactions (except for 

Ayn, and ne)» we start by having all read sets empty, and a variable x, 

in the write set of each transaction v. For each arc (v,u) GA we add a 


variable a to the write set of v and the read set of u, and for each 


bipath ((v,u),(u,w))EB we add Xy to the write set of u. Finally, 
R(n,) = 6, W(n9) = {x :v€N} {x 3 (u,v)€A} = R(ng), R(n.) = {x :u€N},
W(ng) = Q, W(n,) {x 7 (usviea}. In order to sketch the construction of 
h, we represent the read and write operations corresponding to the node 

v of Py by R(v),W(v) respectively. We use v to stand for R(v)W(v). 

We start the construction of h from left to right. First, for each clause 
C, consisting of just negations we add the subhistory h(C,) =y,,...y,_. 

i i il in, 


Next, for each variable x, that appears unnegated in the mixed clause 


j 
Cc, (1-25) og = x,) we add the subhistory h(x,) = R(as)2,,c,W(aj RCD, dy, pW(b,) P 
The z im Part appears only if C i is purely negated and i a2. x, . Further, 


if. rp q = x, for some purely unnegated clause c, then Yoq appears also 


after y ak’ Then follow subhistories corresponding to the remaining 
variables. If x; does not appear unnegated in a mixed clause, then we 


add to h the subhistory h(x,) = R(a,)z4,¢,W(a,)R(b, )¥ ppW(b,). Again, 


Yor appears only if AR - x, for some purely unnegated clause C 2° and if 


J 


after Zan' Finally, we have h(C,) ™ “°° *7im, 


clause C 1? and at the end the transaction na. 


also appears in a purely negated clause C, Oo = x,) then 20q comes 


4 
for each purely negated 


To argue that Py = p(h), first note that all (y ) (mod m,) 


ig? 74j+1 
arcs are realized by h, and that the subpolygraph of Figure 3 is realized 


for each * al AK? and the symmetric subpolygraph for X, = Arps 


Furthermore, it is quite easy to check that no other arcs and bipaths are 


added by the construction. Hence PP = P(h), which completes the proof of 


Theorem 1. oO 
4. EFFICIENTLY RECOGNIZABLE CLASSES OF SERIALIZABLE HISTORIES


Given that SR is NP-complete, it is reasonable to look for subsets of
SR that are efficiently recognizable. In this section we study several
such classes of serializable histories.


4.1 The Class DSR


DEFINITION 3. Let $h_1 = (n, \pi, V, S)$ and $h_2 = (n, \pi', V, S)$ be
histories. We write that $h_1 \sim h_2$ whenever $\pi(\sigma) = \pi'(\sigma)$
for all $\sigma \in \Sigma_n$ except for two elements
$\sigma_1, \sigma_2 \in \Sigma_n$ with $\pi(\sigma_1) = \pi'(\sigma_2) = j$,
$\pi(\sigma_2) = \pi'(\sigma_1) = j+1$ for some $1 \le j \le n-1$, and either

a. $\sigma_1 = R_i$, $\sigma_2 = R_j$ for some $i, j \le n$, or

b. $\sigma_1 = R_i$, $\sigma_2 = W_j$, $i \ne j$, $i, j \le n$, and
$S(R_i) \cap S(W_j) = \emptyset$, or

c. $\sigma_1 = W_i$, $\sigma_2 = W_j$, $i, j \le n$, and
$S(W_i) \cap S(W_j) = \emptyset$. □


As an illustration, we have that 


Ry (x) R, [x]W, [x] W, fy] \ R, [x] R, [x]W, [y]W, [x] 
Ry [x] R, [x]W, fy]W, [y] © R, Ox], fyIR, bxlw, i), 


because at each step the next history is obtained from the previous one by
switching two adjacent symbols obeying one of the conditions (a), (b) and
(c) of Definition 3 above.

The following is a direct consequence of Proposition 1 and the above
definition:


PROPOSITION 3. If $h_1 \sim h_2$, then $h_1 \equiv h_2$. □


Let $\sim^*$ be the reflexive-transitive closure of $\sim$. Since $\sim$ is
symmetric, $\sim^*$ is an equivalence relation which is, by Proposition 3, a
restriction of $\equiv$. We can show that $\sim^*$ is a proper restriction of
$\equiv$ by observing that for the two histories


h, “ R, (x] RW Ex)Rol[y]WWo[y] 
and 

h, = Ro [y1R, [x], Wa lyJR,W, [x] 
we have $h_1 \equiv h_2$, but $h_1 \not\sim^* h_2$.


We say that the history $h$ is D-serializable (DSR) if there is a serial
history $h_s$ such that $h \sim^* h_s$. Obviously, if a history is DSR, it is
certainly SR.

We can associate with a history $h = (n, \pi, V, S)$ a digraph $D(h)$
defined as follows: The nodes of $D(h)$ are the transactions
$\{T_1, \ldots, T_n\}$ of $h$, and the pair $(T_i, T_j)$ is an arc of $D(h)$ if
and only if either

a. $S(R_i) \cap S(W_j) \ne \emptyset$ and $\pi(R_i) < \pi(W_j)$, or

b. $S(W_i) \cap S(R_j) \ne \emptyset$ and $\pi(W_i) < \pi(R_j)$, or

c. $S(W_i) \cap S(W_j) \ne \emptyset$ and $\pi(W_i) < \pi(W_j)$.


LEMMA 4. Suppose that for two histories $h_1 = (n, \pi, V, S)$ and
$h_2 = (n, \pi', V, S)$, $D(h_1)$ and $D(h_2)$ have no cycles of length 2. Then
$h_1 \sim^* h_2$ if and only if $D(h_1) = D(h_2)$.
Proof. It should be obvious from the definition of $D(h)$ and the
$\sim$ relation that whenever $h_1 \sim h_2$, also $D(h_1) = D(h_2)$.
Consequently, $h_1 \sim^* h_2$ implies $D(h_1) = D(h_2)$.

For the other direction, assume that $D(h_1) = D(h_2)$. We shall
transform $h_1$ to $h_2$ by a sequence of $\sim$ transformations as follows:
Take the symbol in $\Sigma_n$ that is the first symbol in $h_2$ (i.e.,
$\pi'^{-1}(1)$) and bring it to the first place of $h_1$ by successively
switching it with all symbols preceding it in $h_1$; then take
$\pi'^{-1}(2)$ and bring it to the second position by switching it with all
symbols preceding it, except $\pi'^{-1}(1)$; and so on, until $h_1$ is
transformed to $h_2$. It remains to show that all these switchings have been
legal $\sim$ transformations. Suppose that at some time we had to switch
$\sigma_1$ with $\sigma_2$ in a manner not allowed by Definition 3; that is
either

a. $\sigma_1 = R_i$, $\sigma_2 = W_i$; this means, however, that in $h_2$,
$W_i$ precedes $R_i$, and hence $h_2$ is not a history.

b. $\sigma_1 = R_i$, $\sigma_2 = W_j$ and $S(R_i) \cap S(W_j) \ne \emptyset$.
This would mean however, that $(T_i, T_j)$ is in $D(h_1)$ and $(T_j, T_i)$ is
in $D(h_2)$. Since $D(h_1)$ and $D(h_2)$ have no cycles of length 2 we can
conclude that $D(h_1) \ne D(h_2)$.

c. Similarly for $\sigma_1 = W_i$, $\sigma_2 = W_j$ and
$S(W_i) \cap S(W_j) \ne \emptyset$. □
We can now prove the following Theorem.


THEOREM 2. A history $h = (n, \pi, V, S)$ is DSR if and only if $D(h)$
is acyclic.


Proof. Suppose that $D(h)$ is acyclic. We can thus sort
topologically the set $\{T_1, \ldots, T_n\}$ of nodes of $D(h)$. Think of this
order as a serial history $h_s$. It is immediate that $D(h_s) = D(h)$, and
hence, by Lemma 4, $h \sim^* h_s$. It follows that $h$ is DSR.

For the other direction, assume that $h$ is DSR. We have two cases:

a. $D(h)$ has a cycle $(T_i, T_j, T_i)$ of length 2. This means that
$\pi(R_i) < \pi(W_j) < \pi(W_i)$, and $S(R_i) \cap S(W_j) \ne \emptyset$,
$S(W_j) \cap (S(W_i) \cup S(R_i)) \ne \emptyset$. It is easy to show that in all
histories $h'$ for which $h \sim^* h'$ we will also have
$\pi'(R_i) < \pi'(W_j) < \pi'(W_i)$, as otherwise $h \not\equiv h'$, and
$h \not\sim^* h'$, by Proposition 3. Hence there is no serial history $h_s$
such that $h \sim^* h_s$, a contradiction.

b. $D(h)$ has no cycles of length 2. By Lemma 4, there is a serial
history $h_s$ such that $D(h) = D(h_s)$. However, serial histories $h_s$
have acyclic $D(h_s)$ and hence $D(h)$ is acyclic. □


Theorem 2 suggests that histories that are DSR can be detected
efficiently by checking $D(h)$ for acyclicity:


COROLLARY 1. Checking whether a history $h = (n, \pi, V, S)$ is DSR can
be done in $O(|V| n^2)$ time. □


Also, we can rephrase Theorem 2 as follows (compare with
Definition 4 below):


COROLLARY 2. A history $h = (n, \pi, V, S)$ is DSR if and only if we can
find real numbers $\{s_1, \ldots, s_n\}$ such that

a. If $S(W_i) \cap S(R_j) \ne \emptyset$ and $\pi(W_i) < \pi(R_j)$, then $s_i < s_j$.

b. If $S(R_i) \cap S(W_j) \ne \emptyset$ and $\pi(R_i) < \pi(W_j)$, then $s_i < s_j$.

c. If $S(W_i) \cap S(W_j) \ne \emptyset$ and $\pi(W_i) < \pi(W_j)$, then $s_i < s_j$. □
4.2 The Class Q


DEFINITION 4. A history $h = (n, \pi, V, S)$ is in Q if there exist
non-integer, distinct real numbers $s_1, s_2, \ldots, s_n$ with the following
properties:

a. $\pi(R_i) < s_i < \pi(W_i)$.

b. If $S(R_i) \cap S(W_j) \ne \emptyset$, $i \ne j$ and $\pi(R_i) < \pi(W_j)$, then $s_i < s_j$.

c. If $S(W_i) \cap S(W_j) \ne \emptyset$ and $\pi(W_i) < \pi(W_j)$, then $s_i < s_j$.


The real numbers $s_1, \ldots, s_n$ in Definition 4 are called
serializability points. Their intuitive meaning is that the history $h$ is the
same as though transaction $T_1$ had executed indivisibly at the time
instance $s_1$ (during which, by (a) above, it was active), transaction
$T_2$ at $s_2$, and so on. As an illustration, the history

$h = R_1[x] \, R_2[z] \, W_2[y] \, R_3[z] \, W_3[x] \, W_1[y]$

is in the class Q, since the values $s_1 = 3.5$, $s_2 = 2.5$, and $s_3 = 4.5$
satisfy, as the reader can check, the requirements of the definition.


The class Q was independently introduced by [Wo].
THEOREM 3. If $h$ is in Q, then $h$ is DSR.


Proof. Conditions (b) and (c) of the definition of the class Q
above are identical to (b) and (c) of Corollary 2 to Theorem 2. Hence
it suffices to show that condition (a) above implies condition (a) of
Corollary 2. But this is immediate, because if $\pi(W_i) < \pi(R_j)$ we have
that $s_i < \pi(W_i) < \pi(R_j) < s_j$, no matter what $S(R_j)$ and $S(W_i)$
are. □
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Given a history h*#=(n,%,V,S) we can construct another digraph 
D' (h)--a superdigraph of D(h)--with node set again {t,,. ae Tht and 
(T,/T5) an arc if and only if one of the following holds 


b. m(R,) <7(W,) and S(R,) Ns(w,) # oD 


3 j 
c. ™(W,) <7(W,) and S(W,) nsw) ¥ g. 


In other words D'(h) contains all the arcs of D(h) and possibly some
other arcs for the cases in which π(W_i) < π(R_j) and S(R_j) ∩ S(W_i) = ∅.


THEOREM 4. The history h=(n,π,V,S) is in the class Q if and
only if D'(h) is acyclic.


Proof. Suppose that h∈Q, and let s_1,...,s_n be appropriate
numbers. Without loss of generality s_1 < s_2 < ... < s_n. We shall
show that whenever (T_i,T_j) is in D'(h), then i<j. Suppose that i>j;
by the definition of D'(h) one of the following must hold:

a. π(W_i) < π(R_j). However, s_i < π(W_i) < π(R_j) < s_j, which
contradicts our assumption that s_1 < s_2 < ... < s_n and i>j.

b. π(W_i) < π(W_j) and S(W_i) ∩ S(W_j) ≠ ∅. By (c) of Definition 4,
however, s_i < s_j, again a contradiction.

c. π(R_i) < π(W_j) and S(R_i) ∩ S(W_j) ≠ ∅. Similarly, a contradiction
is reached by (b) of Definition 4.

Consequently, D'(h) is acyclic, since it is a subgraph of a total order.
For the other direction, suppose that D'(h) is acyclic. We can
sort topologically its nodes to obtain the order, say, (T_1,T_2,...,T_n).
We can define the real numbers s_1,s_2,...,s_n, and s_{n+1} for
convenience, as follows:

b. s, = min{s, ,,/™(W,)} or ae j =n, n-1,...,1.

It is clear that the s_j are distinct, increasing, non-integer
real numbers, and that they satisfy (b) and (c) of Definition 4. It
suffices thus to prove (a) of Definition 4, in particular that
s_i > π(R_i) for all i. Suppose that, for some i, s_i < π(R_i). Let j
be the smallest index, no smaller than i, for which π(W_j) < s_{j+1}.


- ‘Thus 


= ~ dcith : 
S, 7 TW) - > mW) = 2 


Consequently π(R_i) > π(W_j) − 1, or π(R_i) > π(W_j). Hence (T_j,T_i)
is an arc of D'(h), which contradicts the fact that j≥i in the
topological sorting of D'(h). □

COROLLARY. Testing whether a history h=(n,π,V,S) is in Q can
be done in O(|V|n²) time. □


4.3 Two-Phase Locking and the Protocol P3 


A very influential proposal for guaranteeing serializability of
update systems has been the two-phase locking mechanism of [EGLT]--also
discussed extensively in [BS]. Also, the essence of a quite different
serializability principle (which was used in the development of the
SDD-1 distributed system [RG], [BGRP]) is captured by the so-called
protocol P3 (see [BS]). In this Subsection we show that these two
different philosophies of serializability are reduced, in our model, to
two efficiently recognizable incommensurate subsets of our class DSR.

The two-phase locking strategy requests and releases actual locks--
i.e., mechanisms that guarantee exclusive data access--during the
execution of the different operations of an update. The rule that is
proven sufficient for guaranteeing serializability is: never request a
lock after a lock has been released. We have, therefore, two phases: one
during which locks may only be requested, followed by one during which
locks can only be released. The first release of a lock delimits the
two phases. In our model of two-step updates the authors of [BS] note
that two-phase locking for a history h=(n,π,V,S) essentially amounts
to dividing the interval from π(R_j) to π(W_j) into two intervals:
one during which no symbol W_i with S(R_j) ∩ S(W_i) ≠ ∅ can exist,
followed by one during which no symbol σ∈Σ with S(σ) ∩ S(W_j) ≠ ∅ can
exist. This is captured by the following definition:


DEFINITION 5. A history h=(n,π,V,S) is two-phase locked
(notation: h∈2PL) if and only if there exist distinct non-integer real
numbers ℓ_1,...,ℓ_n (the lockpoints) such that

a. π(R_i) < ℓ_i < π(W_i) for i=1,...,n
b. If S(R_i) ∩ S(W_j) ≠ ∅, i≠j and π(R_i) < π(W_j), then ℓ_i < ℓ_j
c. If S(W_i) ∩ S(W_j) ≠ ∅ and π(W_i) < π(W_j), then π(W_i) < ℓ_j. □


To understand Definition 5, consider a transaction R_jW_j in a
history h∈2PL, and its lockpoint ℓ_j. The intuitive meaning of the
lockpoint is the following: during the interval [π(R_j),ℓ_j] all
variables in S(R_j) are "protected" from writing by other transactions,
by virtue of (b). Also during the interval [ℓ_j,π(W_j)] the variables
in S(W_j) are protected from reading and writing. Conditions (b) and
(c) therefore essentially say that the interval [ℓ_j,π(W_j)] overlaps
no interval [ℓ_i,π(W_i)] with S(W_i) ∩ S(W_j) ≠ ∅ and no interval
[π(R_i),ℓ_i] with S(W_j) ∩ S(R_i) ≠ ∅. Thus, the second lock is granted
before the first is released, in accordance with the two-phase locking
principle.

Although Definitions 4 and 5 differ only slightly in condition (c),
the latter is a substantial restriction. First, we notice that 2PL ⊆ Q.
Indeed, if h∈2PL then the lockpoints ℓ_1,...,ℓ_n are automatically
valid serializability points s_1,...,s_n in Definition 4. To see this,
just notice that condition (c) of Definition 5 (π(W_i) < ℓ_j) together
with (a) (ℓ_i < π(W_i)) imply (c) of Definition 4 (namely, s_i < s_j).

To show that the inclusion is proper, notice that for the history

h = R_1 R_2 R_3[x] W_1[x] W_2[y,z] W_3[y]

we have that h∈Q (see Figure 5a for D'(h)) but h∉2PL. The
explanation for the latter fact is that transaction 3 has no lockpoint
ℓ_3, since, if it had, ℓ_3 should obey ℓ_3<ℓ_1<4 (by (b)) and also
ℓ_3>5 (by (c)).

We can, however, check very efficiently whether a history h is
two-phase locked. Given any history h=(n,π,V,S) we define the history
h*=(2n,π*,V,S*), where h* is obtained from h by inserting a
transaction R_{j+n}W_{j+n} after W_j in h for j=1,...,n; S*(R_{j+n})=∅,
and S*(W_{j+n})=S(W_j). For example, the history h* for h of the
example above is

h* = R_1 R_2 R_3[x] W_1[x] R_4 W_4[x] W_2[y,z] R_5 W_5[y,z] W_3[y] R_6 W_6[y].

Figure 5


THEOREM 5. For a history h=(n,π,V,S), h∈2PL if and only if
h*∈Q.


Proof. Let {ℓ_1,...,ℓ_n} be a set of distinct non-integer real
numbers, and let a(j) be the number of positions to the right that the
symbol π⁻¹(j) was shifted in h*; in other words a(j) = 2·|{W_i : π(W_i) < j}|.
Consider the set {s_1,...,s_{2n}}, where s_i = ℓ_i + a(⌈ℓ_i⌉) for i≤n, and
s_i = π(W_{i-n}) + a(π(W_{i-n})) + 3/2 for i>n. We claim that {ℓ_i} is an
acceptable set of lockpoints satisfying Definition 5 if and only if
{s_i} is a set of serializability points according to Definition 4. Both
directions follow from the definitions. The formal derivation is
omitted. □


To illustrate the theorem, the history h above is in Q, since
D'(h) is acyclic (Figure 5a). However, it is not in 2PL, because D'(h*)
is not acyclic (Figure 5b). Naturally, Theorem 5 yields

COROLLARY. Testing whether a history h=(n,π,V,S) is two-phase
locked can be done in O(n²|V|) time. □
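The tests of Theorems 4 and 5 can be run directly on a history. The following Python sketch is an added example, not code from the paper: it builds D'(h), sorts it topologically, and decides membership in 2PL by constructing h*. The textual history format, the function names and the transaction numbering of the sample histories are assumptions made for the example.

```python
"""Membership tests for Q (Theorem 4) and 2PL (Theorem 5) on two-step histories."""


def parse(text):
    """'R1 R3[x] W2[y,z]' -> [(kind, txn, frozenset(vars)), ...]; list order is pi."""
    steps = []
    for tok in text.split():
        head, _, rest = tok.partition("[")
        names = frozenset(v for v in rest.rstrip("]").split(",") if v)
        steps.append((head[0], int(head[1:]), names))
    return steps


def index(history):
    """Return (transactions, pi, S), rejecting anything not of the shape R_j ... W_j."""
    pi, S = {}, {}
    for p, (kind, t, names) in enumerate(history, start=1):
        if kind not in ("R", "W") or (kind, t) in pi:
            raise ValueError(f"bad or repeated step {kind}{t}")
        pi[kind, t], S[kind, t] = p, names
    txns = sorted({t for _, t, _ in history})
    for t in txns:
        if ("R", t) not in pi or ("W", t) not in pi or pi["R", t] > pi["W", t]:
            raise ValueError(f"transaction {t} is not a read followed by a write")
    return txns, pi, S


def d_prime(history):
    """Nodes and arcs of D'(h), using the three arc conditions (a), (b), (c)."""
    txns, pi, S = index(history)
    arcs = set()
    for i in txns:
        for j in txns:
            if i == j:
                continue
            a = pi["W", i] < pi["R", j]
            b = pi["R", i] < pi["W", j] and bool(S["R", i] & S["W", j])
            c = pi["W", i] < pi["W", j] and bool(S["W", i] & S["W", j])
            if a or b or c:
                arcs.add((i, j))
    return txns, arcs


def topological_order(nodes, arcs):
    """Kahn's algorithm: an order compatible with every arc, or None on a cycle."""
    indegree = {v: 0 for v in nodes}
    for _, w in arcs:
        indegree[w] += 1
    ready = sorted(v for v in nodes if indegree[v] == 0)
    order = []
    while ready:
        v = ready.pop(0)
        order.append(v)
        for u, w in sorted(arcs):
            if u == v:
                indegree[w] -= 1
                if indegree[w] == 0:
                    ready.append(w)
    return order if len(order) == len(nodes) else None


def serial_order(history):
    """Order of the serializability points if h is in Q, else None (Theorem 4)."""
    return topological_order(*d_prime(history))


def in_q(history):
    return serial_order(history) is not None


def star(history):
    """h*: after each W_j insert R_{j+n} (empty read set) and W_{j+n} (write set S(W_j))."""
    n = max(t for _, t, _ in history)
    out = []
    for kind, t, names in history:
        out.append((kind, t, names))
        if kind == "W":
            out += [("R", t + n, frozenset()), ("W", t + n, names)]
    return out


def in_2pl(history):
    """Theorem 5: h is two-phase locked exactly when h* is in Q."""
    return in_q(star(history))


# Constructed inputs; the transaction numbering in H_PROPER is an assumption.
H_PROPER = parse("R1 R2 R3[x] W1[x] W2[y,z] W3[y]")   # in Q but not in 2PL
LOST_UPDATE = parse("R1[x] R2[x] W1[x] W2[x]")         # not even in Q
SERIAL = parse("R1[x] W1[x] R2[x] W2[x]")              # serial, hence in 2PL

if __name__ == "__main__":
    for name, h in [("H_PROPER", H_PROPER), ("LOST_UPDATE", LOST_UPDATE), ("SERIAL", SERIAL)]:
        print(name, "Q order:", serial_order(h), "in 2PL:", in_2pl(h))
```

For H_PROPER the only topological order of D'(h) is T_2, T_3, T_1, while D'(h*) contains the cycle T_3, T_1, T_5, T_3, which is why the 2PL test fails.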


We now turn to formalizing and studying in our model the protocol P3
of [BGRP] and [BS]. Recall the digraph D(h) defined for any history h
in Subsection 4.1--see Figure 6a for an illustration in the case of


h= R, [z]R,¥, [x]R, (x]W, [z]R,W, ly,z]W, [x] . 




Figure 6 


DEFINITION 6. Let G(h) be the undirected graph corresponding to
D(h)--Figure 6b. A cycle in G(h) is a sequence (T_{i_1},...,T_{i_m}) of
m≥2 transactions such that [T_{i_j},T_{i_{j+1}}] are edges of G(h),
j=1,...,m-1, and so is [T_{i_m},T_{i_1}]. Notice that all edges are
cycles according to this definition. A cycle (T_{i_1},...,T_{i_m}) is
bad if

[S(R_{i_m}) ∪ S(W_{i_m})] ∩ S(W_{i_1}) ≠ ∅,
S(R_{i_1}) ∩ S(W_{i_2}) ≠ ∅. □


Notice that in the above definition the first node of a cycle and 
the order of listing of the nodes are important. For example, in 
Figure 6 (T/T) is a bad cycle, whereas (T,,T)) is not. Bad cycles 
are, intuitively, those cycles that can correspond to a directed cycle in 


D(h') for some other history h' involving the same transactions. 


DEFINITION 6 (continued). Let h=(n,π,V,S) be a history. We say
that T_i is a guardian of T_j if there exists a bad cycle
(T_j,T_i,...,T_k) in G(h). We say that h obeys the protocol P3
(notation: h∈P3) if whenever T_i is a guardian of T_j we do not have
π(R_j) < π(W_i) < π(W_j). □

For example, consider the history h of Figure 6. The only bad
cycle in G(h)--Figure 6b--is (T,/T,) , and hence the guardian relation 
is simple: just T, is a guardian of T,- Since ny) > 1(W,) , we have 


that h€P3. 


THEOREM 6. Suppose that h=(n,π,V,S) is in P3. Then it is also
in DSR.

Proof. We shall show that h∈P3 implies that D(h) is acyclic.
Suppose that D(h) has a cycle (T_1,T_2,...,T_m), m≥2. Consider the arc
(T_j,T_{j+1}) of D(h)--addition mod m; we have three cases:

a. S(W_j) ∩ S(W_{j+1}) ≠ ∅ and π(W_j) < π(W_{j+1}).
b. S(W_j) ∩ S(R_{j+1}) ≠ ∅ and π(W_j) < π(R_{j+1}).
c. S(R_j) ∩ S(W_{j+1}) ≠ ∅ and π(R_j) < π(W_{j+1}).

Notice that in both cases (a) and (b) we have that π(W_j) < π(W_{j+1}),
and that more than one case may be applicable to the same arc. Case (c)
is split into two subcases,

(c1) Cases (a) and (c) do not apply to the arc (T_{j-1},T_j).
(c2) j = 1, or case (a) or case (c) applies to (T_{j-1},T_j).

In case (c1) we have that π(W_{j-1}) < π(R_j) < π(W_{j+1}). In case (c2),
however, we notice that T_{j+1} is a guardian of T_j. Consequently, since
π(R_j) < π(W_{j+1}) we must necessarily have that π(W_j) < π(W_{j+1}).

Now, consider the symbols O_j, j=1,...,m, where O_j = R_j if
case (c1) is applicable to the arc (T_j,T_{j+1}), and O_j = W_j otherwise.
We have shown that π(O_j) < π(O_{j+1}) for j=1,...,m (addition mod m).
This is a contradiction, since it implies that π(W_1) < π(W_1). □

Theorem 6 implies the following, independently proved in [BS].

COROLLARY. Histories that obey the protocol P3 are serializable. □


Our next result concerns the complexity of recognizing those histories
that obey protocol P3. By the definition of this class, this complexity
is determined by the complexity of computing the guardian relation among
the transactions in a history. We shall show how this relation can be
computed efficiently. For each transaction T_j, let Γ(T_j) be the set
of all transactions T_i that satisfy S(R_j) ∩ S(W_i) ≠ ∅. Thus, Γ(T_j)
is the set of all transactions that are possibly guardians of T_j. To
determine whether a transaction T_i∈Γ(T_j) is indeed a guardian of T_j,
we delete all edges [T_j,T_k] such that S(W_j) ∩ [S(W_k) ∪ S(R_k)] = ∅ from
G(h), and then determine whether T_i and T_j are on the same biconnected
component of the resulting graph. This can be done in O(n²) time by
the algorithm of [Ta]. If T_i and T_j are on the same biconnected
component, this means that there is a bad cycle (T_j,T_i,...,T_k) in G(h),
and hence T_i is a guardian of T_j; otherwise, it is not. Repeating this
for all T_i, T_j we get an algorithm of total complexity O(n²(|V|+n²)).
Hence we have

THEOREM 7. Testing whether a history h=(n,π,V,S)∈P3 can be
done in O(n²(|V|+n²)) time. □


4.4 The Class SSR 


Certain histories, though perfectly serializable, have a curious--and,
according to some, undesirable--property. Consider, for example, the
history

h = R_1[x] R_2 W_2[x] R_3 W_3[y,z] W_1[y].

This history is serializable. However, the only serial history
equivalent to h is easily shown to be


What is interesting is that in h transaction 2 has completed
execution before transaction 3 has started executing, whereas the order
in h_s has to be the reverse. This phenomenon is quite counterintuitive,
and it has been opined that perhaps the notion of correctness in
transaction systems has to be strengthened so as to exclude, besides
histories that are not serializable, also histories that present this
kind of behavior. This leads to the following definition:

DEFINITION 7. A history h=(n,π,V,S) is said to be serializable
in the strict sense (notation: h∈SSR) if there is a serial history
h_s=(n,π',V,S) such that h≡h_s, and π(W_i) < π(R_j) implies
π'(W_i) < π'(R_j). □

It is not hard to verify that all histories in the class Q satisfy
Definition 7. To see this, recall that a history h in Q has a set of
serializability points s_1 < s_2 < ... < s_n, say, such that
h ≡ R_1W_1R_2W_2...R_nW_n = h_s. Now, if π(W_i) < π(R_j), we have, by the
definition of s_i, s_j, that s_i < π(W_i) < π(R_j) < s_j, and therefore
i<j. Hence transactions i and j have the same order in h_s that they
have in h. It follows that Q ⊆ SSR.


Nevertheless, the classes Q and SSR are not the same, as
conjectured by [Wo]. A counterexample is


h = R, [z1R, {z]W, (x,z]R,[x]W, [x,y]W,[z]R, ly]w, {x} . 
This history is equivalent to the serial history 
h, = R, [z]W, [x,y]R, [z]W, [x,z]R, (x]W, {z1R, ty]W, {x} , 


satisfying Definition 7. However, h is not in Q; to check this, just 
notice that the digraph D'(h) shown in Figure 7 is not acyclic. It is 


not known whether the class SSR is efficiently recognizable. 


Figure 7

4.5 Summary


The topography of the set of all histories H and its subclasses 
SR, S (the serial histories), Q, SSR, DSR, P3 and 2PL is depicted in 
Figure 9. The inclusions shown either follow from the results of this 
section, or are straight-forward. We also show below an example of a
history for each of the 12 regions in this diagram.

Figure 8


R, (x]W, [x] R, [2] W, [x] 

R, (xR, Ly] W, [x] W, fy] 

RRR, [x]W, [x)w, ly,=]W, fy] 
R, Gel RW, (x,¥]¥, [z]R,W, ly,z] 
h, o h, 
R, [2] RW, [x,z]R, [x]W,(2]W, [x,y]R, fy]W, [x] 

R, fx) RW, (x) R, fy] WW, fy] 

R, [2]R, {z]w, [x,z]R, (x1 W, {x,y]W, tek, ty]w, [x] 
RL RAW, [x] R, [x] W, [x] W, [x] 

h, ° h, 


h, ° hy 


Ry Cel R, ix] W, [x], [x] 

5. RESTRICTIONS ON THE READ- AND WRITE-SETS

It turns out that if we impose certain restrictions on the structure
of the map S of a history--i.e., the read- and write-sets of the
transactions in the history--the topography of H (shown in Figure 8 for
the general case) is simplified considerably. The most striking such
result is that of [SLR]. A basic assumption in the model of [SLR]--which
is otherwise more general than the present in that it allows more than
two steps--is that no database entity (or variable) is updated, unless it
has been previously read. In our model and notation, this means that
S(W_j) ⊆ S(R_j). What is surprising is that serializability, an
NP-complete predicate in our model, is efficiently decidable in theirs.
We explain this in view of our previous discussion as follows:

THEOREM 7. Suppose that for a history h=(n,π,V,S) we have
S(W_j) ⊆ S(R_j) for j=1,...,n. Then h is serializable if and only if
h is in DSR.


Proof. It suffices to show that if S(σ_i) ∩ S(σ_j) ≠ ∅ and
π(σ_i) < π(σ_j) for σ_i, σ_j∈Σ, such that at least one of σ_i, σ_j is a
write symbol, then π'(σ_i) < π'(σ_j) in any history (n,π',V,S)
equivalent to h. Suppose that σ_i=W_k, σ_j=W_l. S(W_k) and S(W_l) share
a variable x, which, by hypothesis, is also in S(R_k) and S(R_l).
Consequently, in h T_l reads x from either T_k or from another
transaction which, by the same argument, reads x from another, and so
on, up to T_k. Now, notice that the S(R_j) ⊇ S(W_j) assumption implies
that in any serializable history there can be no dead transactions. Hence,
by Proposition 1, in any history (n,π',V,S) equivalent to h we must
also have π'(W_k) < π'(W_l). The other two cases are settled very
similarly. □


It turns out that the rest of the classes of histories discussed
previously have a considerably simpler structure under the assumption
that S(W_j) ⊆ S(R_j). We show below, without proofs, the corresponding
diagram.

Figure 9


Under a different restriction on S, the class SSR coincides with SR.

THEOREM 8. Suppose that in a history h=(n,π,V,S) there is a
subset X={x_1,x_2,...,x_n} ⊆ V such that for j=1,2,...,n we have
(a) X ⊆ S(R_j), (b) x_i∈S(W_j) if and only if i=j. Then h is
serializable if and only if h∈SSR.

Sketch of Proof. Imagine that the variable x_j is a Boolean
signalling whether transaction T_j has completed. Therefore, if T_i
completed in h before T_j started, the same must hold in any other
history equivalent to h. □


6. SCHEDULERS OF HISTORIES 


The practical importance of the classes of histories 2PL and P3
discussed in Section 4 stems from the fact that they are known to
correspond to simple schedulers. A scheduler for a class of histories
(to be defined formally below) is generally an algorithm that takes as
an input an arbitrary history--possibly non-serializable--and returns a
history which is the "closest" to the given one among those belonging to
the class. If the class is a subset of SR, therefore, the scheduler
guarantees that its output history is serializable. Such a scheduler
can be used in the serializability component of the database management
system. Of course, in practice one would hope that a scheduler operates
on-line and is reasonably efficient.


The history-input of the scheduler is the sequence of the
user requests. The output of the scheduler is the actual execution
sequence. The basic fact that makes our approach very different from
previous work on concurrency control which was motivated by operating
systems (e.g., the notion of determinacy of [CD]) is that the supplier
of this input history is a population of users, each user being unaware
of the actions of the others. This implies that the order of arrival
of these requests has no semantic content whatsoever, and therefore
the scheduler is not bound to produce an output which is equivalent
(or related in any prescribed way) to the input. In fact, the operation
of the scheduler becomes interesting and important exactly when the
scheduler must necessarily transform the input to an inequivalent output,
because the input is non-serializable, say.


There are, however, certain performance criteria that the input-
output mapping of a scheduler should satisfy. For example, a trivial
scheduler which guarantees serializability is the one that outputs
only serial histories. This is, however, too restrictive a mechanism
to be of practical value. Intuitively, the richer the output class,
the more powerful the scheduler, because a less restrictive class
of histories will require less reshuffling of the operations and will
cause fewer and shorter unnecessary delays. Ideally, we would like to
have a serializer, whose output spans all of SR. Unfortunately, we
shall soon see that the existence of such a practically useful device
is very improbable.


DEFINITION 8. The metric d(.,.) on the set H is defined as
follows:

a. d((n,π,V,S),(n,ρ,V,S)) = n − max{j : π⁻¹(i) = ρ⁻¹(i), i=1,...,j}.
b. d((m,π,V,S),(n,ρ,W,T)) = ∞ if any one of m≠n, V≠W,
S≠T holds. □


The distance between two histories defined on the same set of
transactions is therefore n minus the length of their longest common
prefix. Notice that d(.,.) satisfies the metric axioms. A variety of
other metrics would suffice for what follows.

DEFINITION 8 (continued). Let C be a non-empty subset of H.
A scheduler for C is a function A_C: H→C such that

d(h,A_C(h)) = min{d(h,h') : h'∈C}. □

Thus, A_C can be thought of as projecting H onto C under the
metric d(.,.). Notice that A_C(h) and h will not be equivalent in
general. The metric d(.,.) requires that A_C leaves histories in C
intact, and, in fact, it leaves intact as long prefixes of arbitrary
histories as possible.


Let us restate now the assumptions of our model of schedulers.

(a). A scheduler A_C minimizes the d-distance between its input
and its output. This intuitively means that the scheduler operates
on-line, and, furthermore, that it acts in an optimistic way: As long as
the history seen so far could possibly be extended to a correct history
(here by "correct history" we mean one which the scheduler, in its
limited sophistication, recognizes as correct, or, equivalently, an
element of C = A_C(H)) the scheduler does not intervene to rearrange read
and write requests. As a corollary, if the scheduler is fed with its
own output, it leaves it intact; it is therefore idempotent, or a
projection.

This is a quite reasonable assumption to make. Although we cannot
totally exclude the possibility of schedulers that operate otherwise
(for example, anticipating future requests that will make the history
non-serializable), all schedulers proposed in the past satisfy this
assumption. Any scheduler implemented by natural constructs such as locks
[KP], [EGLT] or queues has this property.

(b). Among all histories in C that have the longest possible common
prefix with the input history, A_C selects any one as its output. Clearly,
in practice this choice would be made so as to minimize some more refined
metric d'. However, the results obtained below for our weaker metric
d' would apply to more relaxed metrics, too.


We say that A_C is an efficient scheduler if A_C is computable in
polynomial time. Our goal in this Section is to understand which classes
of histories have efficient schedulers. It is tempting to conjecture
that if a class is in P, then it has an efficient scheduler. This
conjecture is not plausible; consider the following:

EXAMPLE. Let E = {h∘h_s : h_s is serial, and h≡h_s}.
Obviously, E can be recognized in polynomial time; the algorithm
involves splitting a given history in two halves, testing whether the
second half is serial, and whether the second half is equivalent to the
first. However, it is also easy to see that E cannot have an efficient
scheduler, unless P=NP. Suppose that E has an efficient scheduler
A_E. Then we could test whether an arbitrary history h is serializable
by first computing A_E(h∘h), and then checking whether A_E(h∘h) starts
with h. Since A_E is supposed to leave unchanged as long prefixes of
its input as possible, it will alter the first half of h∘h only if h
is not serializable. Since serializability is known to be NP-complete, E
cannot have an efficient scheduler unless P=NP. □


Our next result essentially says that efficiently recognizable
classes have efficient schedulers, unless they are as pathological as
our example E above. Let h=(n,π,V,S) be a history, considered now
as a string of symbols representing n, V, S and the permutation π.
A prefix of h is an initial segment of this representation, containing
the encoding of n, V, S, as well as an initial part
<π⁻¹(1),π⁻¹(2),...,π⁻¹(j)> of π, for some 0≤j≤2n. If C is a class of
histories, then PR(C) is the set of all prefixes of all histories in C.


THEOREM 9. Let C be a subset of H. C has an efficient scheduler
if and only if PR(C)∈P.

Proof. Suppose that C has an efficient scheduler A_C. In order
to determine whether a string g is a prefix of a history h∈C we may
act as follows: we first verify that g contains encodings of n, V,
and S, together with an initial segment ρ of a permutation π of Σ.
We then generate a completion ρ̄ of ρ by juxtaposing to ρ the
symbols W_j such that R_j but not W_j is present in ρ, and then the
strings R_jW_j for all j's such that neither R_j nor W_j appears in
ρ. We then calculate h'=A_C((n,ρ̄,V,S)). It is straightforward to see
that g is a prefix of h' if and only if g∈PR(C). Thus we can
efficiently determine whether g∈PR(C).

For the other direction, suppose that PR(C)∈P. Based on the
recognition algorithm for PR(C) we design an efficient scheduler A_C,
shown in Figure 10. A_C computes A_C(h)=(n,ρ,V,S) by determining ρ
element-by-element. It should be obvious that A_C operates as
prescribed within a time bound of O(n²c(n,|V|)), where c(n,|V|) is
the complexity of recognizing PR(C). The Theorem follows. □


It is now easy to link the discussion of Sections 3 and 4 with the
existence of efficient schedulers. We get two types of results:

COROLLARY 1. Unless P=NP, SR has no efficient scheduler. □

schedulers.

Proof. We have shown that these sets are in P; it is usually
straightforward to show that their sets of prefixes are also in P (this
is not a general property of P; there are languages in P that have
non-recursive sets of prefixes). As an illustration, we will sketch a
proof that PR(P3)∈P. First, given an encoding of n, V, S, and a
segment ρ of π, we first compute from S the digraph F of the guardian
relation among {T_1,...,T_n}. We next make sure that whenever T_i is a
guardian of T_j and ρ(W_i) is defined, then either ρ(W_j) < ρ(W_i), or
ρ(R_j) > ρ(W_i), or ρ(R_j) is undefined. Finally, we make sure that ρ
can be completed in a manner not violating P3. It turns out that this
amounts to verifying that the restriction of F to the transactions
that are active (i.e., ρ(R_j) is defined but ρ(W_j) is not) is acyclic
(a discussion of this part follows the proof). Hence we have an
efficient algorithm for PR(P3). □

Scheduler A_C

Input: a history h=(n,π,V,S)

Output: a history h'=(n,ρ,V,S)∈C such that d(h,h') is the
smallest possible, if such an h' exists.

begin
  if (n,< >,V,S) ∉ PR(C) then return
    comment < > is the empty permutation;
  else begin
    ρ:=< >;
    for j=1,...,2n do
      begin
        done:=false;
        for i=j,j+1,...,2n do until done
          if (n,<ρ,π⁻¹(i)>,V,S) ∈ PR(C) then
            begin
              done:=true;
              comment append the accepted symbol before moving it to position j;
              ρ:=<ρ,π⁻¹(i)>;
              interchange π⁻¹(i) and π⁻¹(j);
            end;
      end;
  end;
  return (n,ρ,V,S);
end

Figure 10
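The scheduler of Figure 10 only needs a recognizer for PR(C); the following Python example, added here and not code from the paper, makes that concrete for two classes, the serial histories and Q. The recognizer for PR(Q) assumes an argument worked out for this example rather than stated above, namely that a prefix extends to a history in Q exactly when the arcs of D' that every completion must contain are acyclic; the function names and sample histories are constructed.

```python
"""The scheduler of Figure 10, driven by a recognizer for PR(C)."""
from graphlib import CycleError, TopologicalSorter

INF = float("inf")


def in_pr_serial(prefix, S):
    """PR(S) for the serial histories S: whole R_j W_j pairs, then at most one open R_j."""
    open_txn, done = None, set()
    for kind, t in prefix:
        if kind == "R" and open_txn is None and t not in done:
            open_txn = t
        elif kind == "W" and open_txn == t:
            open_txn = None
            done.add(t)
        else:
            return False
    return True


def in_pr_q(prefix, S):
    """PR(Q), assuming the argument in the lead-in: the arcs of D' that every
    completion of the prefix must contain form an acyclic digraph."""
    pos = {sym: p for p, sym in enumerate(prefix)}
    if len(pos) != len(prefix):
        return False                      # a symbol occurs twice
    if any(k == "W" and pos.get(("R", t), INF) > p for (k, t), p in pos.items()):
        return False                      # W_t without an earlier R_t
    started = [t for k, t in prefix if k == "R"]

    def before(x, y):                     # x is placed, and y is later or still to come
        return x in pos and pos[x] < pos.get(y, INF)

    preds = {t: set() for t in started}
    for i in started:
        for j in started:
            if i == j:
                continue
            a = before(("W", i), ("R", j))
            b = bool(S["R", i] & S["W", j]) and before(("R", i), ("W", j))
            c = bool(S["W", i] & S["W", j]) and before(("W", i), ("W", j))
            if a or b or c:
                preds[j].add(i)
    try:
        TopologicalSorter(preds).prepare()
        return True
    except CycleError:
        return False


def schedule(history, in_pr):
    """Figure 10: extend rho with the earliest pending input symbol that keeps it in PR(C)."""
    S = {(k, t): frozenset(names) for k, t, names in history}
    pending = [(k, t) for k, t, _ in history]
    rho = []
    if not in_pr(rho, S):
        return None                       # no history of C over these transactions
    for j in range(len(pending)):
        for i in range(j, len(pending)):
            if in_pr(rho + [pending[i]], S):
                rho.append(pending[i])
                pending[i], pending[j] = pending[j], pending[i]   # the figure's interchange
                break
        else:
            return None                   # unreachable when in_pr decides PR(C) exactly
    return rho


def common_prefix(history, rho):
    """Number of leading symbols the scheduler left in place."""
    symbols = [(k, t) for k, t, _ in history]
    n = 0
    while n < len(rho) and symbols[n] == rho[n]:
        n += 1
    return n


def show(rho):
    return " ".join(f"{k}{t}" for k, t in rho)


# Constructed inputs: (kind, transaction, variables), one letter per variable.
IN_Q = [("R", 1, ""), ("R", 2, ""), ("R", 3, "x"), ("W", 1, "x"), ("W", 2, "yz"), ("W", 3, "y")]
LOST_UPDATE = [("R", 1, "x"), ("R", 2, "x"), ("W", 1, "x"), ("W", 2, "x")]

if __name__ == "__main__":
    for h in (IN_Q, LOST_UPDATE):
        for oracle in (in_pr_q, in_pr_serial):
            out = schedule(h, oracle)
            print(oracle.__name__, show(out), "kept:", common_prefix(h, out))
```

On the sample history that lies in Q, the scheduler for Q leaves all six symbols in place, while the scheduler for the serial histories keeps only the first.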


We show in Figure 11, without proofs, stylized versions of efficient
schedulers for the classes 2PL (11b), P3 (11a), DSR and Q (11c; for Q
we also include the two statements labeled Q). Besides serializability,
these algorithms must also guarantee the absence of deadlocks. The
issue of deadlocks appears to be orthogonal to that of serializability,
and, in fact, clever serializability methods are known to introduce
increased danger of deadlocks of the "circular waiting" variety ([CD],
pp.40-60). A unified treatment of serializability and deadlocks in a
restricted data model is attempted in [SX]. In all cases of interest to
us, deadlocks can be prevented by testing a dynamically changing deadlock
graph for acyclicity. For example, in two-phase locking deadlock can
occur if a number of transactions have each locked their read-set, and
are waiting for each other to release their locks. Hence, in this case
the deadlock graph has variables as nodes, and has an arc from x to y
if and only if some transaction currently on phase 1 reads x and writes
y. In P3 the deadlock graph is the restriction of the guardian relation
to the currently active transactions--this was mentioned in the proof of
Corollary 2 to Theorem 9. Finally the deadlock graph in DSR (resp., Q)
has as nodes the active transactions and includes the arc (tT, /T,) if 
and only if there is a path from T, to T, in D(h)--resp. D'‘(h)-- 


and S(W,) ns) # D. 

Our notation in Figure 11 assumes that the process R_j or W_j is
initiated as soon as a corresponding read or write request arrives.
We use constructs such as when (denoting the awaiting for a condition)
and tbegin...tend (bracketing statements that are to be executed
indivisibly). It should be obvious that these algorithms can be
implemented deterministically and efficiently on any standard model of
computation.


process R_j
  when the deadlock graph with T_j is acyclic do
    output(R_j)

process W_j
  when T_j is not the guardian of an active transaction do
    output(W_j)
(a)


process R_j
  when the deadlock graph with T_j is acyclic and
       no variable in S(R_j) is read-locked do
    tbegin
      write-lock all variables in S(R_j);
      output(R_j)
    tend;
  when a process W_i with S(W_i) ∩ S(R_j) ≠ ∅ or i=j has been initiated and
       no variable in S(W_j) - S(R_j) is write-locked do
    tbegin
      write-lock and read-lock all variables in S(W_j);
      un-write-lock all variables in S(R_j) - S(W_j).
    tend

process W_j
  when R_j has terminated do
    tbegin
      output(W_j)
      unlock all variables in S(W_j)
    tend
(b)


process R_j


declare L, sequence of symbols in zu ist 


comment uy contains all R, or W, 


path from Ty in D (resp. D'), up to this point; 


such that T, is reachable by a | 


when the deadlock graph is acyclic and for no T; # Ty. 


with S(R,) ns(w,) ¥ D, S(R,) ns(W) #2 is Ww, EL, do 


3 
tbegin 
output (R, ) 
a ra {r,t 


add R, to all L, containing W, with &(R,) NS(W,) ¥ @ 


j 


3 
Q: add R 


4 to all Ly containing f 


process Ww, 


when the deadlock graph contains no arc (T,-T ;) do 


output (WwW j ) 


add W, to all L containing oO such that 8(W,) 1.8(0) #@ 


3 
Q: add f to all L, containing R, or wy 
set L,: = J 

tend 

(c) 


Figure 11

7. DISCUSSION


We shall consider extensions of our results in three directions: 
general multi-step transactions, interpreted transactions, and 


distributed databases. 


7.1 Multi-step Transactions 


We shall briefly discuss how our entire development of Sections 2 
through 6 can be easily extended to a far more general multi-step model of 
transactions. We consider transactions that consist of sequences of 
steps; each step may involve both reading and writing. The values written must 
be considered as uninterpreted functions of all variables read at the 
present or previous steps of the same transaction. Our definition of 
liveness now applies to individual steps of transactions. No further 
modifications are necessary for stating the analog of Proposition 1. 

Serializability is obviously NP-complete in this model, as it
subsumes ours. Assuming that no transaction reads intermediate results
of another or reads two different versions of the same variable at two
different steps--in which case the history is not serializable--Lemma 2
is also valid. The four serializability principles discussed in Section 4
remain virtually unchanged--in fact, two-phase locking was initially
proposed for a similar model in [EGLT]. For another example, we shall
describe in a somewhat more detailed manner the generalized P3 class of
histories.


In the multi-step model a step s of a transaction can be an (i,j)-guardian
of another transaction, where i<j are steps. This means that s
interacts with i--i.e., either its write set includes variables of i,
or vice-versa--and there is a chain of interactions from s to j. If
this is the case, s is not allowed to occur between i and j. This
P3 protocol always yields DSR (and hence serializable) histories.

For the classes DSR and Q, we use similar graphs D(h) and D'(h). An
arc (T_i,T_j) is in D(h) if a step of T_i interacts with a subsequent
step of T_j. For D'(h), it may just be that the last step of T_i
precedes the first step of T_j. The acyclicity of D(h) again guarantees
serializability, and that of D'(h) strict serializability. Hence, these
remain two most general serializability techniques, subsuming two-phase
locking and P3, in this general setting, too.

Finally, it is easy to see that the results of Section 6--the
necessary and sufficient condition for the existence of efficient
schedulers and its corollaries--apply even more directly to multi-step
histories. We hope that the reader is by now convinced that introducing
general multi-step transactions would have resulted in an unmanageably
cumbersome notation but in very few new important ideas.


7.2 Interpreted Transactions 


A significant departure from our model would be to look more closely
into the computations performed by the transactions and exploit their
details for studying serializability--or correctness, in general. If
only syntactic information about the transactions is available (e.g., the
read- and write-sets) then serializability can be formally proved to be
the right concurrency concept [KP]. If, however, semantics of the
functions performed, or even the integrity constraints, are known, then
it may be the case that more liberal concurrency principles than
serializability are applicable. An example is the correctness theory
proposed in [La1], where the concurrency control mechanism takes into
account information about the semantics and integrity constraints supplied
by correctness proofs of the individual transactions. The extent to which
such information is helpful is investigated in [KP].

It is doubtful whether complete semantic information can be used
effectively for concurrency control. Any reasonably complex domain of
interpretation (e.g., arithmetic) would soon make the serializability
problem undecidable. There should be, however, ways to use partial
semantic information in order to improve our understanding of
serializability. One possibility is to use the fact that two transactions
perform precisely the same function; one of the implications is that they
commute. It is not too hard to see that this adds nothing to the model
developed thus far. Incidentally, this allows us to extend our original
model so as to permit multiple occurrences of a transaction in a history.

Another possibility would be to selectively consider certain very
simple transactions to be interpreted. A good example of a very common
transaction that performs a well-understood function is the copier,
a transaction that reads x and later records its value at y.
Serializability becomes trickier. For example the history


h = R, [x] R)R, [x] W, [x] W, [y]R, [y]W, (x) R, [x], [2] W, [z] 
is not serializable in our ordinary sense, but becomes equivalent to the
serial history h,=T,T,TQT,7, once we assume that transactions 3 and 4
are copiers. Proposition 1 becomes somewhat more complex in the
presence of copiers. However, it is interesting to note that if copiers
are restricted not to read variables from other copiers, then the
introduction of copiers adds no strength to our model, and Proposition 1
and Lemma 2 remain unchanged under this assumption. This remark plays
an important role in the next topic of our discussion.


7.3 Distributed Databases


There is a large body of literature aiming at the understanding of
the quite elusive notion of distributed computing (see, for example [La2]).
Distributed databases have inherited some of the intricacies of this
area [RG], [Th]. We shall limit our discussion to the case of two
complete copies of the database in different locations, although there
are difficulties which first appear in the cases of three copies or of
selective redundancy [BSRG]. A major problem is what happens when a
transaction is run in one location, thus changing only one of the two
copies. A simple technique for solving this would be to send an update
message [BGRP] to the other location as soon as the transaction has
completed. We have therefore a sequence of genuine transactions and
update messages running in the system, and we can thus view the two
copies of the database as a single database--think of the two copies of
the variable x as two variables x_1 and x_2.

A difficulty appears when we try to define a history. The distributed
nature of our computation, the communication delays and imperfect clocks
make temporal priority--on which our ordinary notion of history was
based--less tangible. The observation here is that mistakes in our
arrangement of the events which are due to the above factors preserve
history equivalence. Hence, we can put together a history--the global
log of [BGRP]--as long as it is consistent with local priorities and
arrivals of messages. Now, the update messages are in fact just copiers,
and they only read variables that were updated by ordinary transactions.
Hence the last remark of the previous Subsection is applicable, and the
serializability problem has been reduced to the one already studied. Of
course, we are not just looking for serializability, but for the
existence of an equivalent serial history in which an update message
immediately follows the corresponding transaction. This, however, does
not change the essence of the task. All our special case results hold
with very minor modifications.

What is considerably more complex in the distributed context is
the subject of schedulers. There is no obvious neat way to compile
syntactic restrictions on the global history into distributed algorithms
that achieve them. It therefore appears that distributed history
schedulers must concern themselves with the details of the underlying
model of distributed computation in order to implement the intended
serializability principle; the formidable algorithms of [Th] and [BSRG]
illustrate this point. Nevertheless, it is still natural to conjecture
that the more general ideas related to the classes DSR and Q would
prove advantageous in the distributed environment as well.


7.4 Open Problems


We have proposed a formalism for the concurrency control problem for
databases. There are two aspects of this formalism that may limit its
applicability, and must therefore be modified in a second attempt. One
is our basic assumption, manifested throughout the paper, that the syntactic
description of all transactions to occur in the history is known to the
scheduler a priori. It is not clear how to remove this assumption, and
still retain the wealth of available solutions. One way would be to have,
following [BSRG], a certain number of prototype transactions--or classes--
to one of which any arriving transaction can be matched. Another way out
would be to adopt only transaction-driven concurrency controls. Two-phase
locking [EGLT] is an example of such a concurrency control, and so would
be any other locking scheme. The limitations of such approaches are
studied in [KP]. On the other hand, it is possible that variants of the
schedulers presented here could also be implemented in a transaction-driven
manner.

Secondly, our way of evaluating the performance of schedulers is also
in need of an improvement. We propose only a qualitative measure of the
performance of a scheduler--namely the set of all output histories. This
leads to only a partial order of schedulers. This was shown to be a
reasonable and useful approximation of reality when the goal is to derive
indicative results or compare general principles of serializability. It is
clear, however, that a more concrete measure of performance is needed for
more practical applications. One promising direction would be to somehow
count the total number of delays imposed on requests--at a first
approximation, the number of transaction steps that cannot execute
immediately upon arrival. This would be a refinement of our measure: our
measure, roughly speaking, assigns a perfect score to all histories that
remain the same, and zero score to all histories that are changed, however
small the change. A more refined measure might even put to test some of
our assumptions, like the "optimistic scheduler" assumption (Section 6):
in certain cases it may be preferable to intervene and modify slightly the
history, when serializable completion becomes extremely unlikely, although
not impossible. Naturally, adopting a more concrete measure of performance
for schedulers will most likely require the introduction of specific and
pragmatic details of the particular application, and the overall approach
may have to be probabilistic.

By considering only serializability as our notion of correctness we
have somehow limited our scope. Examples of concurrency control techniques
more general than serializability can be found in [La1] and [KL]. They
are arrived at by assuming that the scheduler has more than syntactic
information about the transaction system that it handles--e.g., semantic
information or understanding of the integrity constraints. It is pointed
out in [KP] that serializability is just one point in the trade-off
between information and performance of schedulers. However, we feel that
there is something natural about the use of syntactic information for
concurrency control, and the importance of concurrency techniques stronger
than serializability is of limited practical value.

Finally, we recall two other problems that are left open here: the
complexity of recognizing the class SSR, and developing techniques for
designing distributed schedulers from syntactic specifications.